024: SECURITY FIX: May 26, 2000
Kernel contained an undocumented system call used to lock semaphore operations
while they were being sampled by the ipcs(1) command. This locking could be
used as a local denial of service attack which would block the exiting of
processes which had semaphore resources allocated. Processes not using
semaphores are not affected, so the actual effect is very minimal.
!
A jumbo patch exists which remedies this problem.
!
023: SECURITY FIX: May 25, 2000
A misuse of ipf(8)
keep-state rules can result in firewall rules being
bypassed.
This patch also includes fixes for an unaligned timestamp issue,
and reliability fixes for ipmon and the in-kernel ftp proxy.
!
A jumbo patch exists, which remedies this problem, and updates ipf
to version 3.3.16.
!
022: SECURITY FIX: May 25, 2000
xlockmore has a localhost attack against it which allows recovery of the encrypted
hash of the root password. The damage to systems using DES passwords from this
attack is pretty heavy, but to systems with a well-chosen root password under
blowfish encoding
! (see
crypt(3))
the impact is much reduced.
(Aside: We do not consider this a localhost root hole in the default install,
since we have not seen a fast blowfish cracker yet ;-)
!
A source code patch exists, which remedies this problem. This is the 2nd patch designed to solve this problem.
!
021: RZSZ SNOOPING: Jan 31, 2000
The rzsz port was removed from the ports collection, as it collects and
sends user information to a designated email address, effectively spying on
you. It is recommended that you remove this package if you installed
it.
018: SECURITY FIX: Jan 20, 2000
Systems running with procfs enabled and mounted are vulnerable
to having the stderr output of setuid processes directed onto
a pre-seeked descriptor onto the stack in their own procfs memory.
Note that procfs is not mounted by default in OpenBSD.
!
A source code patch exists, which remedies this problem.
009: DRIVER IMPROVEMENTS: Dec 4, 1999
Various improvements have been made to the IDE/ATAPI subsystem since
the 2.6 release shipped.
Some of these improvements make some recalcitrant devices work much better.
!
Revision 1 of this jumbo source code patch exists.
!
016: SECURITY FIX: Dec 2, 1999
A buffer overflow in the RSAREF code included in the
USA version of the libssl package (called sslUSA, is
possibly exploitable in isakmpd if SSL/RSA features
are enabled or used.
! OpenSSH and httpd (with -DSSL) are not
vulnerable. NOTE: International users using the ssl26 package are not affected.
--- 48,166 ----
!
All architectures
!
024: SECURITY FIX: May 26, 2000
Kernel contained an undocumented system call used to lock semaphore operations
while they were being sampled by the ipcs(1) command. This locking could be
used as a local denial of service attack which would block the exiting of
processes which had semaphore resources allocated. Processes not using
semaphores are not affected, so the actual effect is very minimal.
!
A jumbo patch exists which remedies this problem.
!
023: SECURITY FIX: May 25, 2000
A misuse of ipf(8)
keep-state rules can result in firewall rules being
bypassed.
This patch also includes fixes for an unaligned timestamp issue,
and reliability fixes for ipmon and the in-kernel ftp proxy.
!
A jumbo patch exists, which remedies this problem, and updates ipf
to version 3.3.16.
!
022: SECURITY FIX: May 25, 2000
xlockmore has a localhost attack against it which allows recovery of the encrypted
hash of the root password. The damage to systems using DES passwords from this
attack is pretty heavy, but to systems with a well-chosen root password under
blowfish encoding
! (see
crypt(3))
the impact is much reduced.
(Aside: We do not consider this a localhost root hole in the default install,
since we have not seen a fast blowfish cracker yet ;-)
!
A source code patch exists, which remedies this problem. This is the 2nd patch designed to solve this problem.
!
021: RZSZ SNOOPING: Jan 31, 2000
The rzsz port was removed from the ports collection, as it collects and
sends user information to a designated email address, effectively spying on
you. It is recommended that you remove this package if you installed
it.
018: SECURITY FIX: Jan 20, 2000
Systems running with procfs enabled and mounted are vulnerable
to having the stderr output of setuid processes directed onto
a pre-seeked descriptor onto the stack in their own procfs memory.
Note that procfs is not mounted by default in OpenBSD.
!
A source code patch exists, which remedies this problem.
009: DRIVER IMPROVEMENTS: Dec 4, 1999
Various improvements have been made to the IDE/ATAPI subsystem since
the 2.6 release shipped.
Some of these improvements make some recalcitrant devices work much better.
!
Revision 1 of this jumbo source code patch exists.
!
016: SECURITY FIX: Dec 2, 1999
A buffer overflow in the RSAREF code included in the
USA version of the libssl package (called sslUSA, is
possibly exploitable in isakmpd if SSL/RSA features
are enabled or used.
! OpenSSH and httpd (with -DSSL) are not
vulnerable. NOTE: International users using the ssl26 package are not affected.
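Review bot: In the 016 entry, the parenthesis opened at "(called sslUSA, is" is never closed, and the text reads the same on both sides of this hunk, so the change carries the defect forward. Suggest "(called sslUSA) is possibly exploitable in isakmpd if SSL/RSA features are enabled or used." In the same pass, the 023 entry says only that "a misuse of ipf(8) keep-state rules" can bypass firewall rules. It would help administrators if the entry stated which kind of keep-state usage is affected, so they can tell whether their ruleset needs the patch before the next maintenance window.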
***************
*** 183,319 ****
NOTE: this problem turned out to not be unexploitable in OpenSSH.
005: FUNCTIONALITY ADDITION: Nov 11, 1999
Various OpenSSH improvements have been made since the 2.6 release shipped.
To resolve the various (non-security related) features which users may want,
we are making a jumbo patch available. This is now at VERSION FOUR.
!
Revision 4 of this jumbo source code patch exists. NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
005: FUNCTIONALITY ADDITION: Nov 11, 1999
Various OpenSSH improvements have been made since the 2.6 release shipped.
To resolve the various (non-security related) features which users may want,
we are making a jumbo patch available. This is now at VERSION FOUR.
!
Revision 4 of this jumbo source code patch exists. NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
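Review bot: The context line at the top of this hunk, "NOTE: this problem turned out to not be unexploitable in OpenSSH", is a double negative that can be read either way, and the preceding 016 text says "OpenSSH and httpd (with -DSSL) are not vulnerable". Since this region is being touched anyway, the note should state plainly whether OpenSSH is exploitable or not, so the two sentences do not appear to contradict each other. For the 005 entry, the remark that /etc/sshd_config and /etc/ssh_config "may need changes" would be more useful if it named the options that changed between revisions of the jumbo patch.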